diff --git a/infra/synology/README.md b/infra/synology/README.md index 41901fe..945274f 100644 --- a/infra/synology/README.md +++ b/infra/synology/README.md @@ -44,6 +44,7 @@ http://task.nas.nodedc:18090 - `docker-compose.platform-http.yml` поднимает новый Authentik, Launcher и Caddy edge. - `Caddyfile.http` маршрутизирует локальные `auth/launcher/task.nas.nodedc` и внешние `id/hub/ops.nodedc.ru`. - `deploy-current.sh` синхронизирует compose, Caddyfile, Authentik templates и опционально Launcher source в NAS mount. +- `backup-current.sh` делает snapshot Launcher runtime/uploads/Auth templates/config и готовит команду `pg_dump` для Authentik Postgres. - Tasker поднимается отдельным compose из `NODEDC_TASKMANAGER/plane-app/docker-compose.yaml` на порту `18090`. ## Синхронизация текущего состояния @@ -59,6 +60,23 @@ LAUNCHER_REPO=/Users/dcconstructions/Downloads/mnt/data/nodedc_launcher \ Скрипт не запускает Docker сам: на NAS `sudo` интерактивный, поэтому команды применения печатаются в конце. +## Backup текущего состояния + +С Mac, при смонтированном `/Volumes/docker`: + +```bash +cd /Users/dcconstructions/Downloads/mnt/NODEDC/platform +NAS_ROOT=/Volumes/docker/nodedc-platform ./infra/synology/backup-current.sh +``` + +Файловый backup создаётся в `/Volumes/docker/nodedc-platform/backups/platform-current-*`. + +Для Authentik Postgres dump нужно выполнить напечатанную команду на Synology, потому что Docker доступен через интерактивный `sudo`: + +```bash +bash /volume1/docker/nodedc-platform/backups/platform-current-YYYYMMDD-HHMMSS/run-authentik-db-dump-on-synology.sh +``` + ## Что нужно перед запуском - Собрать или загрузить `linux/amd64` images: diff --git a/infra/synology/backup-current.sh b/infra/synology/backup-current.sh new file mode 100755 index 0000000..be09d8b --- /dev/null +++ b/infra/synology/backup-current.sh 
@@ -0,0 +1,112 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+NAS_ROOT="${NAS_ROOT:-/Volumes/docker/nodedc-platform}"
+NAS_PLATFORM_DIR="${NAS_PLATFORM_DIR:-/volume1/docker/nodedc-platform/platform}"
+BACKUP_ROOT="${BACKUP_ROOT:-${NAS_ROOT}/backups}"
+TIMESTAMP="${TIMESTAMP:-$(date +%Y%m%d-%H%M%S)}"
+BACKUP_DIR="${BACKUP_DIR:-${BACKUP_ROOT}/platform-current-${TIMESTAMP}}"
+DOCKER_BIN="${DOCKER_BIN:-/usr/local/bin/docker}"
+COMPOSE_FILE="${COMPOSE_FILE:-${NAS_PLATFORM_DIR}/docker-compose.platform-http.yml}"
+ENV_FILE="${ENV_FILE:-${NAS_PLATFORM_DIR}/.env.synology}"
+
+mkdir -p "${BACKUP_DIR}/files/platform" \
+ "${BACKUP_DIR}/files/launcher" \
+ "${BACKUP_DIR}/files/authentik"
+
+rsync_dir() {
+ local source="$1"
+ local destination="$2"
+
+ if [[ -e "${source}" ]]; then
+ rsync -a --delete "${source}" "${destination}"
+ else
+ echo "skip missing: ${source}" | tee -a "${BACKUP_DIR}/warnings.log" >&2
+ fi
+}
+
+rsync_file() {
+ local source="$1"
+ local destination="$2"
+
+ if [[ -f "${source}" ]]; then
+ rsync -a "${source}" "${destination}"
+ else
+ echo "skip missing: ${source}" | tee -a "${BACKUP_DIR}/warnings.log" >&2
+ fi
+}
+
+rsync_dir "${NAS_ROOT}/launcher/server-storage/" "${BACKUP_DIR}/files/launcher/server-storage/"
+rsync_dir "${NAS_ROOT}/launcher/uploads/" "${BACKUP_DIR}/files/launcher/uploads/"
+rsync_dir "${NAS_ROOT}/authentik/custom-templates/" "${BACKUP_DIR}/files/authentik/custom-templates/"
+rsync_dir "${NAS_ROOT}/platform/authentik/" "${BACKUP_DIR}/files/platform/authentik/"
+
+rsync_file "${NAS_ROOT}/platform/.env.synology" "${BACKUP_DIR}/files/platform/"
+rsync_file "${NAS_ROOT}/platform/.env.synology.example" "${BACKUP_DIR}/files/platform/"
+rsync_file "${NAS_ROOT}/platform/docker-compose.platform-http.yml" "${BACKUP_DIR}/files/platform/"
+rsync_file "${NAS_ROOT}/platform/Caddyfile.http" "${BACKUP_DIR}/files/platform/"
+
+cat > "${BACKUP_DIR}/manifest.txt" < "${BACKUP_DIR}/run-authentik-db-dump-on-synology.sh" <
"\${BACKUP_DIR}/authentik-postgres.dump"
+
+sudo "${DOCKER_BIN}" compose \\
+ --env-file "${ENV_FILE}" \\
+ -f "${COMPOSE_FILE}" \\
+ exec -T postgresql-authentik \\
+ sh -lc 'pg_restore --list /dev/stdin >/dev/null' \\
+ < "\${BACKUP_DIR}/authentik-postgres.dump"
+
+if command -v sha256sum >/dev/null 2>&1; then
+ (cd "\${BACKUP_DIR}" && sha256sum authentik-postgres.dump > SHA256SUMS)
+else
+ (cd "\${BACKUP_DIR}" && shasum -a 256 authentik-postgres.dump > SHA256SUMS)
+fi
+
+echo "authentik-db-dump-ok: \${BACKUP_DIR}/authentik-postgres.dump"
+EOF
+chmod +x "${BACKUP_DIR}/run-authentik-db-dump-on-synology.sh"
+
+find "${BACKUP_DIR}" -name @eaDir -prune -o -type d -exec chmod 700 {} \;
+find "${BACKUP_DIR}" -name @eaDir -prune -o -type f -exec chmod 600 {} \;
+chmod 700 "${BACKUP_DIR}/run-authentik-db-dump-on-synology.sh"
+
+if [[ -x "${DOCKER_BIN}" && "${NAS_ROOT}" == /volume1/* ]]; then
+ "${BACKUP_DIR}/run-authentik-db-dump-on-synology.sh"
+else
+ cat <